If you are unable to use the tool, this article helps you eliminate common causes of problems during certificate implementation. It covers configuration steps and details, and helps you avoid common misconfigurations when implementing custom certificates in your environment.

Resolution

Creating CA-assigned certificates for vSphere is a complex task. In many organizations, it is required to maintain proper security for regulatory requirements. Successful implementation involves several different workflows:

Creating the certificate request

Getting the certificate

Installation and configuration of the certificate in the vSphere Web Client and the Log Browser

These steps must be followed to ensure successful implementation of a custom certificate for the vCenter server. Before attempting these steps, ensure that:

Installing and configuring the certificate for the vSphere Web Client and the Log Browser

After the certificate has been created, follow these steps to complete the installation and configuration of the certificate for the Web Client:

Log into the vSphere Web Client server as an administrator.

If you have not already imported it, double-click the C:\certs\Root64.cer file and import the certificate into the Trusted Root Certification Authorities > Local Computer Windows certificate store. This ensures that the certificate server is trusted.

Stop the VMware vSphere Web Client service from the service control manager (services.msc).

Stop the VMware Log Browser Service from the service control manager (services.msc).

Move the current certificates (rui.crt, rui.key, rui.pfx) to a backup location for the vSphere Web Client.

Installation_Directory by default is C:\Program Files\VMware\Infrastructure

password is the admin@system-domain password

If the command is successful, the output appears similar to:

Open the Installation_Directory\vSphereWebClient\serviceId file in a text editor and remove the two old service lines. In this example, the old lines end in :9 and :10 (shown in the screenshot from step 11) and the new lines end with :14 and :15 (shown in the screenshot from step 12). There should only be the two lines in the file corresponding to the registered services in the screenshot in step 12.

After editing, the file looks similar to:

Start the VMware vSphere Web Client service from the service control manager. It may take about 5 minutes to initialize fully.

Start the VMware vSphere Log Browser service from the service control manager.

To test that the certificate is valid, log into the vSphere Web Client and check that the Inventory is accessible and that the certificate is properly installed.
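
The check in the previous step can also be made explicit from the command line. The following PowerShell script is an added example, not part of the original article: it fetches the certificate the Web Client actually presents, compares it with the certificate you installed, and builds its chain against the Windows trust stores. The host name, the path to the new rui.crt and port 9443 are assumptions; pass the values used in your environment.

```powershell
# Added example (not from the original article). Host name, certificate path
# and port are assumptions; supply the values used in your environment.
param(
    [Parameter(Mandatory)][string]$WebClientHost,  # FQDN users browse to
    [Parameter(Mandatory)][string]$NewCertPath,    # the CA-issued rui.crt you installed
    [int]$Port = 9443                              # assumed Web Client HTTPS port
)
$ErrorActionPreference = 'Stop'

# Fetch the certificate the service presents. The callback accepts anything
# because trust is evaluated explicitly below, not by the handshake itself.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($WebClientHost, $Port)
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($WebClientHost)
    $presented = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $ssl.Dispose()
} finally {
    $tcp.Close()
}

# Load the certificate that was supposed to be installed.
$certFile = (Resolve-Path $NewCertPath).Path
$expected = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certFile)

# Build the chain against the Windows stores. This succeeds only if the issuing
# root (Root64.cer in the article) is in Trusted Root Certification Authorities.
$chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk = $chain.Build($presented)

$result = [pscustomobject]@{
    Subject        = $presented.Subject
    NotAfter       = $presented.NotAfter
    Thumbprint     = $presented.Thumbprint
    MatchesNewCert = ($presented.Thumbprint -eq $expected.Thumbprint)
    ChainTrusted   = $chainOk
    ChainStatus    = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}
$result | Format-List

if (-not $result.MatchesNewCert) {
    Write-Warning 'The service presents a different certificate than the one in NewCertPath.'
}
if (-not $result.ChainTrusted) {
    Write-Warning "Chain did not validate: $($result.ChainStatus)"
}
```

A thumbprint mismatch usually means the service is still serving the old rui.crt or was not restarted; a chain failure with a matching thumbprint points at the root import in the earlier step.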

If they are not on separate servers or you cannot restart the server, stop and start the services in this order:

Stop the VMware Log Browser service.

Stop the VMware vSphere Web Client service.

Stop the VMware VirtualCenter Server service.

Stop the VMware vCenter Inventory service.

Stop the vCenter Single Sign-On services.

Start the vCenter Single Sign-On services.

Start the VMware vCenter Inventory service.

Start the VMware VirtualCenter Server service and the VMware VirtualCenter Management WebServices service.

Start the VMware vSphere Web Client service.

Start the VMware Log Browser service.

Wait 5 minutes for the services to start completely.

Log in and check that the Log Browser is functioning correctly.

Note: If the service is not fully started, you will not see the option for the Log Browser. Log out and log back in after a few minutes. It is available after it has completely loaded.